The next generation of the Teknik Services. Written in ASP.NET. https://www.teknik.io/

SecurityHeadersMiddleware.cs 1.8KB

  1. using Microsoft.AspNetCore.Builder;
  2. using Microsoft.AspNetCore.Http;
  3. using System;
  4. using System.Collections.Generic;
  5. using System.Linq;
  6. using System.Threading.Tasks;
  7. using Teknik.Configuration;
  8. namespace Teknik.IdentityServer.Middleware
  9. {
  /// <summary>
  /// ASP.NET Core middleware that appends a fixed set of CORS and browser-hardening
  /// headers to every response, then hands the request to the next component.
  /// </summary>
  /// <remarks>
  /// The headers are written before the rest of the pipeline runs and are added with
  /// <c>Append</c>, so a header that already exists gets a second value rather than
  /// being replaced. Components later in the pipeline can still change them.
  /// NOTE(review): this class sets no Content-Security-Policy and no framing control
  /// (X-Frame-Options / frame-ancestors); confirm they are added elsewhere.
  /// </remarks>
  public class SecurityHeadersMiddleware
  {
      // Name/value pairs in the exact order they are appended to the response.
      private static readonly (string Name, string Value)[] ResponseHeaders =
      {
          // Access Control.
          // No Access-Control-Allow-Origin is set here, and Allow-Credentials has no effect
          // without an explicit (non-wildcard) allowed origin.
          // NOTE(review): check that whatever sets the allowed origin uses an allow-list;
          // reflecting arbitrary origins with credentials enabled would expose authenticated
          // responses to other sites.
          ("Access-Control-Allow-Credentials", "true"),
          ("Access-Control-Allow-Methods", "GET, PUT, POST, DELETE, OPTIONS"),
          ("Access-Control-Allow-Headers", "Authorization, Accept, Origin, Content-Type, X-Requested-With, Connection, Transfer-Encoding"),

          // HSTS: one year, all subdomains, preload. Sent whatever the request scheme;
          // browsers ignore it on plain-HTTP responses (RFC 6797), so it only protects
          // clients that have reached the site over HTTPS at least once or via the preload list.
          ("strict-transport-security", "max-age=31536000; includeSubdomains; preload"),

          // XSS Protection: legacy header. Current browsers have removed the XSS auditor,
          // so this protects only old clients; a Content-Security-Policy is the modern control.
          ("X-XSS-Protection", "1; mode=block"),

          // Content Type Options: stops browsers from MIME-sniffing away from the declared type.
          ("X-Content-Type-Options", "nosniff"),

          // Referrer Policy: a comma-separated list is a fallback chain. Browsers apply the
          // last policy they recognise, so this is strict-origin-when-cross-origin where
          // supported and no-referrer otherwise.
          ("Referrer-Policy", "no-referrer, strict-origin-when-cross-origin"),
      };

      private readonly RequestDelegate _next;

      /// <summary>Stores the next delegate in the request pipeline.</summary>
      /// <param name="next">The component to invoke after the headers are appended.</param>
      public SecurityHeadersMiddleware(RequestDelegate next)
      {
          _next = next;
      }

      /// <summary>
      /// Appends the configured headers to the response and continues the pipeline.
      /// </summary>
      /// <param name="httpContext">The current request context.</param>
      /// <param name="config">Injected configuration; not read by this method.</param>
      /// <returns>The task returned by the next component in the pipeline.</returns>
      public Task Invoke(HttpContext httpContext, Config config)
      {
          IHeaderDictionary responseHeaders = httpContext.Response.Headers;

          foreach (var header in ResponseHeaders)
          {
              responseHeaders.Append(header.Name, header.Value);
          }

          return _next(httpContext);
      }
  }
  /// <summary>
  /// Registration helper for <see cref="SecurityHeadersMiddleware"/>.
  /// </summary>
  /// <remarks>
  /// The middleware writes its headers before calling the next component, so where this
  /// call sits in the pipeline decides which responses carry them: anything that
  /// short-circuits earlier is not covered.
  /// </remarks>
  public static class SecurityHeadersMiddlewareExtensions
  {
      /// <summary>Adds the security headers middleware to the HTTP request pipeline.</summary>
      /// <param name="builder">The application builder being configured.</param>
      /// <returns>The builder returned by <c>UseMiddleware</c>, for chaining.</returns>
      public static IApplicationBuilder UseSecurityHeaders(this IApplicationBuilder builder)
          => builder.UseMiddleware<SecurityHeadersMiddleware>();
  }
  43. }